On 07/05/2011 05:04 PM, Roland Roland wrote:
Hello,
i'm trying to get squid to work with a max os x based LDAP.
I have a couple of questions if you can help me with:
1. Does a centos based yum installation contain ldap and kerberos
support?
2. Is the following squid.conf config enough to get things up and
running (complete article
<http://www.cyberciti.biz/tips/howto-configure-squid-ldap-authentication.html>)
|auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"dc=nixcraft,dc=com" -f "uid=%s" -h ldap.nixcraft.com
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
http_access deny all
3. If repository based squid doesn't come with ldap/kerberos support.
is the following enough:
|./configure --enable-basic-auth-helpers="LDAP"
--enable-external-acl-helpers=ldap_group
NB: if you can guide me to a how to i'd appreciate it.
Thank you for help and best regards,
--Roland
I configured something similar recently - Kerberos authentication with a
Mac OS X Server, and Mac OS and RHEL clients. I'm not worried about
LDAP, just the Kerberos part. That config you've got there uses Basic
Auth, which means plaintext. In most environments that is not acceptable.
I think it should work with Squid 2.6 (the version that comes with
Centos 5.6), but I wanted to get dynamic SSL certificate generation
working, so I've compiled and run a very recent release. The CentOS RPM
does include the helpers, so it should do what you want.
- Lindsay
